WolfSSL
/
wolfssl-examples
mirror of https://github.com/wolfSSL/wolfssl-examples.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Fixes and improvements to the RSA-PSS sign/verify example.

pull/108/head
David Garske 2018-10-16 09:56:02 -07:00
parent f0798df233
commit 6130262b75
3 changed files with 95 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -146,5 +146,5 @@ pkcs11/softhsm2.conf
pkcs11/softhsm2 pkcs11/softhsm2
crypto/rsa-pss/rsa-pss crypto/rsa-pss/rsa-pss
crypto/rsa-pss/rsa-public.key crypto/rsa-pss/rsa-public.der
crypto/rsa-pss/sign.txt crypto/rsa-pss/sign.txt

6
crypto/rsa-pss/README.md
View File

@ -16,8 +16,8 @@ sudo make install
## Usage ## Usage
Creates a key-pair, exports public key to rsa-public.key and signs message in variable `szMessage`. Creates a key-pair, exports public key to `rsa-public.der` and signs message in variable `szMessage`.
`./rsa-pss -o sign.txt` `./rsa-pss -s sign.txt`
Uses public key at `rsa-public.key` to verify signed data. Uses public key at `rsa-public.der` to verify signed data.
`./rsa-pss -v sign.txt` `./rsa-pss -v sign.txt`

132
crypto/rsa-pss/rsa-pss.c
View File

@ -21,6 +21,9 @@
/* /*
* An implementation of RSA PSS digital signature using wolfSSL * An implementation of RSA PSS digital signature using wolfSSL
* Usage:
./rsa-pss -s sign.txt
./rsa-pss -v sign.txt
*/ */
#include <stdio.h> #include <stdio.h>
@ -31,7 +34,8 @@
#include <wolfssl/ssl.h> #include <wolfssl/ssl.h>
#include <wolfssl/wolfcrypt/rsa.h> #include <wolfssl/wolfcrypt/rsa.h>
static const char* kRsaPubKey = "./rsa-public.key"; static const char* kRsaSignOpt = "-s";
static const char* kRsaPubKey = "./rsa-public.der";
#define MAX_DER_SIZE 2048 #define MAX_DER_SIZE 2048
#define RSA_KEY_SIZE 2048 #define RSA_KEY_SIZE 2048
@ -42,58 +46,95 @@ int main(int argc, char** argv)
const char* szMessage = "This is the string to be signed"; const char* szMessage = "This is the string to be signed";
unsigned char pSignature[RSA_KEY_SIZE/8]; unsigned char pSignature[RSA_KEY_SIZE/8];
unsigned char pDecrypted[RSA_KEY_SIZE/8]; unsigned char pDecrypted[RSA_KEY_SIZE/8];
int status = 0; int ret = 0;
int sz; int sz;
word32 idx = 0; word32 idx = 0;
unsigned char derBuf[MAX_DER_SIZE]; unsigned char derBuf[MAX_DER_SIZE];
FILE* f;
pRsaKey = malloc(sizeof(RsaKey));
wolfSSL_Debugging_ON(); wolfSSL_Debugging_ON();
wolfSSL_Init(); wolfSSL_Init();
wc_InitRsaKey(pRsaKey, NULL); pRsaKey = malloc(sizeof(RsaKey));
wc_InitRng(&rng); if (!pRsaKey) {
wc_RsaSetRNG(pRsaKey, &rng); printf("RSA_generate_key failed with error\n");
return MEMORY_E;
}
if (memcmp(argv[1], "-o", 2) == 0) { ret = wc_InitRsaKey(pRsaKey, NULL);
if (ret != 0) {
printf("Init RSA key failed %d\n", ret);
return ret;
}
ret = wc_InitRng(&rng);
if (ret != 0) {
printf("Init RNG failed %d\n", ret);
wc_FreeRsaKey(pRsaKey);
return ret;
}
ret = wc_RsaSetRNG(pRsaKey, &rng);
if (ret != 0) {
printf("Set RSA RNG failed %d\n", ret);
goto prog_end;
}
if (memcmp(argv[1], kRsaSignOpt, 2) == 0) {
printf("generating RSA key to make a PSS signature\n"); printf("generating RSA key to make a PSS signature\n");
/* Generate an RSA key pair */ /* Generate an RSA key pair */
if (wc_MakeRsaKey(pRsaKey, RSA_KEY_SIZE, 0x010001, &rng) != 0) { if (wc_MakeRsaKey(pRsaKey, RSA_KEY_SIZE, 0x010001, &rng) != 0) {
printf("failed to create rsa key\n"); printf("failed to create rsa key\n");
} }
if (pRsaKey) if (pRsaKey) {
{
FILE* f;
f = fopen(kRsaPubKey, "wb"); f = fopen(kRsaPubKey, "wb");
printf("writing public key to %s\n", kRsaPubKey); printf("writing public key to %s\n", kRsaPubKey);
if (f == NULL) { if (f == NULL) {
printf("unable to write out private key\n"); printf("unable to write out public key\n");
} }
else { else {
sz = wc_RsaKeyToDer(pRsaKey, derBuf, sizeof(derBuf)); sz = wc_RsaKeyToPublicDer(pRsaKey, derBuf, sizeof(derBuf));
if (sz <= 0) { if (sz <= 0) {
printf("error with rsa load der %d\n", sz); printf("error with rsa to public der %d\n", sz);
goto prog_end;
}
else {
fwrite(derBuf, 1, sz, f);
} }
fwrite(derBuf, 1, sz, f);
fclose(f); fclose(f);
} }
} }
} }
else { else {
f = fopen(kRsaPubKey, "rb");
printf("reading in RSA key to verify signature\n"); printf("reading in RSA key to verify signature\n");
sz = wolfSSL_PemPubKeyToDer(kRsaPubKey, derBuf, sizeof(derBuf)); if (f == NULL) {
wc_RsaPublicKeyDecode(derBuf, &idx, pRsaKey, sz); printf("unable to open public key\n");
} }
if (!pRsaKey) else {
{ fseek(f, 0, SEEK_END);
printf("RSA_generate_key failed with error\n"); sz = ftell(f);
goto prog_end; if (sz > sizeof(derBuf)) {
printf("File %s exceeds max size\n", kRsaPubKey);
fclose(f);
return BUFFER_E;
}
fseek(f, 0, SEEK_SET);
fread(derBuf, 1, sz, f);
fclose(f);
ret = wc_RsaPublicKeyDecode(derBuf, &idx, pRsaKey, sz);
if (ret < 0) {
printf("Failed to load public rsa key der buffer %d\n", ret);
goto prog_end;
}
}
} }
if (memcmp(argv[1], "-o", 2) == 0) { if (memcmp(argv[1], kRsaSignOpt, 2) == 0) {
FILE* f = fopen(argv[2], "wb"); f = fopen(argv[2], "wb");
printf("Creating PSS signature and writing to %s\n", argv[2]); printf("Creating PSS signature and writing to %s\n", argv[2]);
if (f == NULL) { if (f == NULL) {
printf("error opening output file %s\n", argv[2]); printf("error opening output file %s\n", argv[2]);
@ -101,52 +142,61 @@ int main(int argc, char** argv)
} }
/* perform digital signature */ /* perform digital signature */
status = wc_RsaPSS_Sign((byte*)szMessage, sizeof(szMessage), ret = wc_RsaPSS_Sign((byte*)szMessage, sizeof(szMessage),
pSignature, sizeof(pSignature), pSignature, sizeof(pSignature),
WC_HASH_TYPE_SHA256, WC_MGF1SHA256, pRsaKey, &rng); WC_HASH_TYPE_SHA256, WC_MGF1SHA256, pRsaKey, &rng);
if (status <= 0) if (ret <= 0) {
{ printf("RSA_private_encrypt failed with error %d\n", ret);
printf("RSA_private_encrypt failed with error %d\n", status);
goto prog_end; goto prog_end;
} }
sz = ret;
fwrite(pSignature, 1, status, f); fwrite(pSignature, 1, sz, f);
fclose(f); fclose(f);
} }
else { else {
FILE* f; byte* pt;
f = fopen(argv[2], "rb"); f = fopen(argv[2], "rb");
if (f == NULL) { if (f == NULL) {
printf("unable to open %s\n", argv[2]); printf("unable to open %s\n", argv[2]);
goto prog_end; goto prog_end;
} }
fread(pSignature, 1, sizeof(pSignature), f);
fseek(f, 0, SEEK_END);
sz = ftell(f);
if (sz > sizeof(pSignature)) {
fclose(f);
return BUFFER_E;
}
fseek(f, 0, SEEK_SET);
fread(pSignature, 1, sz, f);
fclose(f); fclose(f);
/* now we will verify the signature /* now we will verify the signature
Start by a RAW decrypt of the signature Start by a RAW decrypt of the signature
*/ */
byte* pt = pDecrypted; pt = pDecrypted;
status = wc_RsaPSS_VerifyInline(pSignature, sizeof(pSignature), &pt, ret = wc_RsaPSS_VerifyInline(pSignature, sizeof(pSignature), &pt,
WC_HASH_TYPE_SHA256, WC_MGF1SHA256, pRsaKey); WC_HASH_TYPE_SHA256, WC_MGF1SHA256, pRsaKey);
if (status <= 0) if (ret <= 0) {
{ printf("RSA_public_decrypt failed with error %d\n", ret);
printf("RSA_public_decrypt failed with error %d\n", status);
goto prog_end; goto prog_end;
} }
else else {
{
printf("RSA PSS verify success\n"); printf("RSA PSS verify success\n");
} }
} }
prog_end: prog_end:
if (pRsaKey) wc_FreeRsaKey(pRsaKey);
free(pRsaKey);
wolfSSL_Cleanup(); if (pRsaKey)
free(pRsaKey);
return 0; wolfSSL_Cleanup();
return 0;
} }